Reverse Proxy
Providing access to Webswing through a http reverse proxy is recommended. Most used are Apache HTTP, NGINX and IIS. In this section some example configurations are presented. Examples below has been created with letsencrypt SSL certificates.
Apache HTTPD
This example expects that webswing server is running at localhot port 8080. Replace 127.0.0.1 with actual IP or domain name if the HTTPD is running on a different server.
httpd.conf:
<VirtualHost *:80>
ServerName demo.webswing.org
Redirect permanent / https://demo.webswing.org/
</VirtualHost>
<VirtualHost *:443>
ServerName demo.webswing.org
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/demo.webswing.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/demo.webswing.org/privkey.pem
RewriteEngine on
RewriteCond %{HTTP:Upgrade} =websocket
RewriteRule /(.*) ws://127.0.0.1:8080/$1 [P,L]
RewriteCond %{HTTP:Upgrade} !=websocket
RewriteRule /(.*) http://127.0.0.1:8080/$1 [P,L]
ProxyPass "/" "http://127.0.0.1:8080/"
ProxyPassReverse "/" "http://127.0.0.1:8080/"
</VirtualHost>
NGINX
This example demonstrates load balancing with NGINX. The sticky sessions are ensured by ip_hash directive.
nginx.conf:
events { }
http {
upstream backend {
ip_hash;
server webswing1:8080;
server webswing2:8080;
}
server {
listen 80;
server_name demo.webswing.org;
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
server_name demo.webswing.org;
ssl_certificate /etc/letsencrypt/live/demo.webswing.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/demo.webswing.org/privkey.pem;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
location / {
proxy_buffering off;
proxy_pass http://backend;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection upgrade;
proxy_set_header Host $host;
}
}
}